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Background of the Inventions 

1. Technical Field 

This invention relates to smart card applications and, more 
5 particularly, to a network arrangement to provide access to an architecture that 
supports a variety of advanced smart card applications. 

2. Background Art 

The present telephone network including the copper, fiber 

10 optic, and wireless communications infrastructure, provides a potential robust 
architecture for data card or smart card applications. 

The term "data card" as used herein includes financial cards 
such as credit cards, debit cards, ATM cards, as well as non-financial data 
cards such as energy company cards, department store cards, car rental cards, 

15 hotel cards and airline cards. Data cards can also include driver's licenses, 
building security cards, and personal identification cards. Data cards 
commonly have a magnetic strip containing a limited amount of read-only 
data. Such data cards are very common and most people carry numerous 
cards to function in modern society. 

20 Partly due to the number and types of data cards, substitute, 

replacement, or consolidation cards have been developed allowing multiple 
card issuers to be represented with a single data card, thereby allowing 
consumers to carry just one card for several types of transactions includmg 
those identified above. Such cards have been referred to as "smart" cards, 

25 The magnetic-striped data cards, which are in general use, have limited 
capabilities. Smart cards, however, differ from data cards in that they can 
hold much more information and often include some "intelligence" such as a 
microprocessor or the like. 
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While much prior work is focused on the design of smart cards, 
smart card readers, and applications for smart cards, there is has been much 
less focus on the integration of a centralized server architecture or a network 
arrangement for multiple smart card applications. 
5 In this regard, the present invention describes a network 

arrangement which is readily accessible from different types of smart card 
terminals supporting various smart card applications. The network 
connections are facilitated by the present telephone network or an 
interconnected network of computers such as the Internet. With a centralized 
10 server architecture, data related to an individual can be accessed by an 
individual smart card, predefined groups of smart card users, or the general 
public. 

Brief Description of the Drawings 

15 For a more complete understanding of this invention, reference 

should now be had to the embodiment illustrated in greater detail in the 
accompanying drawing and described below by way of examples of the 
invention. In the drawings. 

FIGURE 1 is a block diagram of one embodiment of the 
20 network arrangement for smart card applications. 

FIGURE 2 is a block diagram of another embodiment of the 
network arrangement for smart card applications. 

FIGURE 3 is a block diagram of the central database server of 
Figures 1 or 2. 

25 

Detailed Description of the Preferred Embodiment 

Referring to Figure 1, there is shown one embodiment for a 
network arrangement for smart card applications in accordance with the 



present invention. The network arrangement makes use of a central database 
server 10 that supports many different smart card applications, and supports 
many users within a given application. A smart card 12, in combination with 
a smart card terminal 14, is used to access the central database server 10 
5 through the network central office 16 of the Public-Switched Telephone 
Network. 

The central database server 10 includes partitioned memory, 
described in further detail below, as well as a microprocessor for processing 
data received from and transmitted to the smart card terminal 14. 

10 The central database server 10 is a centralized partitioned 

database server which partitions information both in terms of the smart card 
application as well as the accessibility of the information. The information is 
stored by category (medical, financial, etc.) as well as level of security 
(unrestricted, or public limited access, restricted),. Thus, for example, in a 

15 retail purchase application 18, a merchant may require access to a user's 
credit information to determine whether to accept the user's credit for a 
particular dollar amount. This information may be partitioned in the limited 
access region 20 of commercial transaction applications 18. 

Private or proprietary information is partitioned such that the 

2 0 owner of the information has control over how the information is transferred 
and used. Thus, for example, medical information 22 provided to a health 
professional may be considered private and only available by way of special 
authorization from the owner of the information. In this way, the owner of 
the information contained within the central database server has control over 

2 5 how the information is transferred and used. 

The structure of the central database server is similar to a 
UNIX-based file system. Different user identification codes, or data pointers, 
provided by smart cards 12 allow access to partitions in the database. The 
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information contained within the central database server is associated with the 
user identification codes on the smart cards 12 such that it can be classified as 
public information available to all the world; limited access information 
available to persons or selected groups with a user authentication code; or 
5 proprietary information accessible only by the owner of the information or a 
group with privileges to that directory information. Besides restricting others 
access to a smart card holder's information/data, the information or data 
within the server 10 can lunit options available to cardholders. For example, 
the information owner can specify that a smart card belonging to a person or a 

1 0 collection of cards belonging to a group such as a family unit can be restricted 
in commercial transactions using the smart card to a maximum dollar value 
over a given time interval, or to particular merchants. Further examples of 
system transactions will be described with reference to Figure 3, 

Each smart card 12 used with the system provides data pointers 

15 to the relevant partitions of the central database server 10, This reduces the 
amount of information which must be stored or transferred to each smart card 
12 and enables data to be shared across groups of cards that may be treated as 
a single unit. These pointers facilitates more complex applications which may 
otherwise require more resources than could be economically stored or 

2 0 transferred to the smart card 12. Thus, the network augments or replaces the 
amount of card memory typically associated with smart cards. This allows 
greater capacity than could otherwise be achieved by storing information on 
the cards alone. 

Although the central database server 10 is shown as a single 
2 5 server, it is to be understood that multiple servers may comprise the central 
database server 10. For example, in the merchant transaction discussed 
above, the purchaser's credit files are more likely to be stored in a database 
monitored by the credit reporting companies such as TransUnion or Equifax, 
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as opposed to the central database server 10. In such cases, the central 
database server 10 acts as a network smart card server which facilitates data 
transfer between the database containing the desired information and the 
merchant or person requesting the information. In the same way, insurance 
5 information would ultimately reside with the insurer, medical records with the 
health provider, financial records with the bank or broker, and so on. The 
network smart card server acts as a secured gatekeeper to such information 
and the smart card acts as the enabling key. 

In another embodiment, a central time/date and certification 

1 0 authority 30 is integrated into the network arrangement to verify authenticity 
and thneliness of the information involved in the smart card transaction such 
as medical, financial, and commercial information. In addition, the central 
database server 10 and central time/date authority 30 can be used to provide 
certified personal information 32 such as digitized photograph that can be 

15 included as part of a photo identification such as a driver's license. 

Smart card 12 is formed of plastic or other suitable material and 
contains circuitry 40 which includes a microprocessor and memory including 
random access memory (ElAM) and read only memory (ROM). The face of 
the smart card 12 may have information printed or embossed on it such as a 

20 photograph, in addition to the name of the card holder. The same information 
can alternatively or additionally be provided in the memory contained within 
the card 12. The card memory also preferably includes a users "certificate" 
or "digital signature" as well as encryption capability for security. 

Figure 1 shows the smart card 12 interacting with a smart card 

25 terminal 14. Smart card terminal 14 is capable of reading information 
contained within the memory 40 of the smart card and is also capable of 
writing information to the smart card memory to update various records 
thereon. Smart card terminal 14 is connected by a data link such as the plain 
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old telephone system (POTS) or a digital subscriber line (DSL) to the network 
central office 16 of the Public-Switched Telephone Network. Although only 
one smart card 12 and smart card terminal are shown in Figure 1, it is to be 
understood that a plurality of cards 12 and terminals 14 access the central 
5 database server 10 through the network central office 16. 

In operation, the smart card 12 is inserted into the smart card 
terminal 14 and a personal identification number (PIN) is optionally entered 
using an input device 44 such as a keypad, mouse, or a track ball provided on 
the terminal 14. A digital signature or a voice print or other security measure 

10 46 which is stored in the central database server 10 can optionally be verified 
as well. The desired application is then selected which relates to a memory 
partition of the central database server 10 such as: medical treatment, 
financial transaction, telephone services, commercial transaction, insurance, 
personal information, security access/authorization, entertainment, or other 

15 application. Once the user's authorization has been verified, data pointers on 
the smart card 12 provide access to the relevant partitioned memory portions 
of the central database server 10. Routing circuitry controlled by the 
microprocessor within the central database server 10 routes the data pointer to 
appropriate memory locations or database of the information keeper relating to 

20 the application at issue such as medical, financial, etc. Data from these 
various locations is supplied back to the smart card terminal 14, and if 
appropriate, the data stored on the smart card 12 is updated. 

Because the majority of the information is stored at a central 
location, namely the central database server 10, the present network 

25 arrangement allows for advance smart card terminals 50 which include a 
display unit 52, a keyboard 54, and a pointing device such as a track ball 56 
or mouse. A smart card 12 coupled with such a terminal 50 having an 
established connection through the network central office 16 to the central 
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database server 10 has the power of a typical networked computer. Smart 
card 12, in such a case, provides access to the authorization procedure, user 
profile information, and pointers to relevant data within the partitioned central 
database server 10. 

5 It is contemplated that such smart card "docking stations" could 

transform hotel room entertainment centers or airplane seat video screens into 
networked computers with the insertion of a user's smart card. 

Referring to Figure 2, another embodiment of the network 
arrangement for smart card applications is shown. In contrast to Figure 1, the 

10 network arrangement of Figure 2 is implemented over an interconnected 
network of computers such as the Internet 100 as well as or alternatively to the 
traditional telephone network 102. In this example. Merchant A can be 
identified to the network smart card server 110 via the dial-up network of the 
telephone network 102. For example, the "caller ID" feature of the telephone 

15 network 102 could identify the merchant to the network smart card server 
110. Alternatively, the server 110 can identify the merchant, such as 
Merchant B, by way of a digital certificate or access code associated with the 
particular merchant transmitted over the Internet. The merchant record at the 
server 110 identifies the nature of the transaction, i.e., pharmacy, 

2 0 dentist/doctor, insurance, financial, travel, retail, etc. This link between the 
merchant and server 110 may be established at the start of each business day, 
at the time of the transaction, or may be continuously established until The 
merchant has "logged off" the system. 

Figure 3 shows a schematic diagram of the partitioned server 

25 database of Figures 1 and 2. A typical network transaction will now be 
described with reference to Figures 1, 2 and 3. A user presents their smart 
card 12 to a merchant such as a pharmacy. The card 12 is inserted into a card 
terminal 14, 50 to provide authentication information to the merchant. 
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Preferably, the smart card provides a one-time encrypted user authentication 
code based on the user's digital signature or certificate. This code, in turn, is 
transmitted over the communication network 100, 102 along with the 
merchant identification code to the server 10, 110. Thus, the digital signature 
5 of the card does not change, but an authorization code generated by an 
encryption scheme known to the server provides a unique access code each 
time the card is involved in a transaction with the network. 

The network server 10, 100 validates the user identification by 
decrypting the authorization code. This uiformation is then cross-referenced 

1 0 with the merchant code to identify the information available to the merchant. 
The merchant can then view the information stored within the server 10, 110, 
upload/download information and perform transactions which are recorded at 
the server 10, 100. 

The merchant's access to the information is limited by thne 

15 and/or number of transactions depending upon the type of merchant or nature 
of information. Preferably, however, the merchant would be allowed 
continuous access to information it has provided such as all past transactions 
with a certain user even after access to the user's information expires. 

Figure 3 provides one example of the type of information 

2 0 accessible withm or through the server 200. As mentioned above, information 
is stored in three levels of security: unrestricted, limited access, and 
restricted. In the pharmacy example, once the user's authentication code and 
merchant code have been verified by the system, the pharmacist may have 
access to the user's digital wallet 210, medical alerts 212, and insurance and 

2 5 prescription information 214, Without further authorization, however, the 
pharmacy would not have access to the user's medical history 216. 
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Similarly, a grocer may have access to the user's digital wallet 
210 and medical alerts 212 which may be necessary in the event of a medical 
emergency, but probably not be allowed to access any other user information. 

In contrast, a loan officer at a bank or automotive dealership 
5 would be allowed to access to the user's credit history 218 as well as the 
user's financial account balances 220. 

Data is stored in the server in several ways. Merchant profiles 
become populated when a merchant subscribes to the service. Default profiles 
can exist for merchants until a sufficient number of transactions occur through 
1 0 that merchant to provide network use information which may be relevant to 
the system. Similarly, the user data becomes populated when the user 
subscribes as part of the smart card activation process. Additional data is 
created as the user and the merchants interact with the system. 

While the invention has been described in connection with one 
15 or more embodiments, it will be understood that the invention is not limited to 
those embodiments. On the contrary, the invention covers all alternatives, 
modifications, and equivalents, as may be included withui the spirit and scope 
of the appended claims. 
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What Is Claimed Is: 

1. A network for smart card applications using a smart card in 
combination with a smart card terminal comprising: 

a communications network in operative communication with said 
smart card terminal; and 
5 a central database server in operative communication with said 

communications network, said central database server including a plurality of 
partitioned memory locations wherein at least one of said memory locations 
contains information associated with said smart card, said information being 
accessible by said smart card terminal via data pointers contained within said 
10 smart card. 

2. The network of claim 1 further comprising a central 
time/data authority in operative communication with said communications 
network, said central time/data authority providing a time verification associated 
with said information transmitted between said central database server and said 

1 5 smart card terminal , 

3. The network of claim 1 wherein said communications 
network is part of a public-switched telephonejigtwofk. 

4. The network of claim 1 wherein said communications 
network communicates with said smart card terminal via the plain old telephone 

20 system (POTS). -^"^^^ 

5. The network of claim 1 wherein said communications 
network includes the Internet. 



6. The network of claim 1 wherein said central database server 
comprises a network smart card server and a plurality of interconnected database 
2 5 servers. 
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7. The network of claim 1 wherein at least one of said 
plurality of partitioned memory locations includes a restricted data portion 
containing information accessible to a first predetermined group of network users, 
and a public data portion containing information accessible to a second 
predetermined group of network users. 

8. The network of claim 2 wherein at least one said plurality 
of partitioned memory locations includes -'^'Irestricted data portion containing 
information accessible to a first predetermined group of network users, and a 
public data portion containing information accessible to a second predetermined 
group of network users. 

9. The network of claim 7 wherein each of said plurality of 
partitioned memory locations supports a diffeii^it^mart card application 

10. A method of accessing information for a smart card 
transaction comprising the steps of: 

providing at least one smart card terminal for connection with a 
smart card; ^ 

selecting a desired application for said smart card transaction; 

transmitting through a communications network at least an 
authorization code associated with said smart card to a network smart card server, 
said network smart card server including a plurality of partitioned memory 
locations, said authorization code providing a data pointer pointing to information 
contained in at least one of said plurality of partitioned memory locations; and 

transmitting said information through said communications network 
to said smart card terminal. 

11. The method of claim 10 further comprising the steps of 
modifying said mformation at said smart card terminal, re-transmitting said 
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modified information to said network smart card server, and storing said modified 
information in said at least one of said plurality of partitioned memory locations. 



12, The method of claimj^-^rther comprising the step of 
providing a central time/date value associated with said transmitted information, 

5 13. The method of claim 10 further comprising the step of 

modifying the information stored on said smaptcBid. 

14. A network smart card server for use in smart card 
transactions comprising: 

a first plurality of partitioned memory locations; 
10 a second plurality of partitioned memory locations; and 

a microprocessor programmed to receive an authorization code 
associated with a smart card said authorization code representing a data pointer 
for pointing to information contained within a memory location within said first 
or second plurality of partitioned memory locations. 

15 15. The network smart card server of claim 14 wherein each of 

said first plurality of partitioned memory locations-represents public data 
associated with said smart card transaction. 

16, The network smart card server of claim 15 wherein each of 
said second plurality of partitioned memory locations repres^ents" restricted data 

2 0 associated with said smart card transaction. 

17. The network smart card server of claim ^wherein each of 
said first and second plurality of partitioned memory locations contain 
information corresponding to a smart card application. 
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18. The network smart card server of claim 14 wherein at least 
one of said first plurality of partitioned memory locations isjoaated on a separate 
database server accessible through a communications network. 

19. The network smart card server of claim 18 wherein said 
5 communications network includes the Internet. 

20. The network smart card server of claim 18 wherein said 
communications network includes a public-switched telephone network. 
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Abstract 



A network for smart card applications using a smart card in 
5 combination with a smart card terminal. The network arrangement includes a 
communications network connected to at least one smart card terminal, and a 
central database server in operative communication with the network central 
office. The network central office is part of the public switched telephone 
network and transmits smart card data between the smart card terminal and 

10 central database server. The central database server includes many partitioned 
memory locations each containing information associated with a smart card 
application. The information contained in the partitioned memory locations is 
accessible by data pointers stored on the individual smart cards. In this manner, 
the amount of data stored on the smart cards using the system is reduced and all 

15 of the information relating to a smart card user is centralized in one location. The 
central database server includes means for distinguishing between public 
information and proprietary information stored in the partitioned memory 
locations. 
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